Privacy Policy - Runner Media | In-House Experts. Transparent Results.

1. Introduction

Runner Media (“we”, “us”, “our”, “the Company”) appreciates your business and trust. We are a Poland-based company specializing in advertising services, digital marketing, and business consulting, creating solutions to enhance your brand presence and business growth.

This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our website, services, or interact with us in any way. Please read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it.

By using our services or website, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms. If you do not agree with this Privacy Policy, please do not use our services or website.

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller Information

The data controller responsible for your personal data is:

Runner Media
ul. Szczepanowskiego 1
60-541 Poznań, Poland
Email: contact@runnermedia.pl
Phone: +48519520829

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details provided above.

3. Legal Basis for Data Processing

We process your personal data only when we have a valid legal basis to do so. The legal bases we rely on include:

3.1. Consent (Art. 6(1)(a) GDPR)

We may process your personal data based on your explicit consent for specific purposes, such as:

Sending marketing communications and newsletters
Using cookies and tracking technologies for marketing purposes
Processing special categories of data (if applicable)

You have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

3.2. Performance of a Contract (Art. 6(1)(b) GDPR)

We process your personal data when it is necessary to:

Execute advertising campaigns and consulting services you have requested
Manage your account and provide customer support
Process payments and issue invoices
Fulfill our contractual obligations to you

3.3. Legitimate Interest (Art. 6(1)(f) GDPR)

We may process your personal data based on our legitimate interests, including:

Improving and optimizing our services and website
Conducting marketing activities and business development
Preventing fraud, security threats, and legal violations
Managing business operations and internal administration
Analyzing website traffic and user behavior

We always balance our legitimate interests against your rights and freedoms before processing data on this basis.

3.4. Legal Obligation (Art. 6(1)(c) GDPR)

We process your personal data when required by law, such as:

Complying with tax and accounting regulations
Responding to legal requests from authorities
Maintaining records as required by applicable laws

4. Data We Collect

We collect various types of personal data depending on how you interact with us. Below is a detailed description of the categories of data we may collect:

4.1. Contact and Registration Data

When you register an account on our website, request a quote, or contact us, we collect:

Full name (first and last name)
Email address – for communication and account management
Phone number – for direct communication and support
Company name and registration details – if you represent a business
Job title and position – to understand your role and needs
Business address – for invoicing and correspondence
Username and password – for secure account access (passwords are encrypted)
Communication preferences – how you prefer to be contacted

You can view, edit, or delete most of your personal information in your account settings at any time. However, you cannot change your username once it has been set. Website administrators can also view and edit this information for support purposes.

4.2. Contact Form and Inquiry Data

When you submit inquiries through our contact forms, we collect:

Information provided in the form – including your message, questions, and specific requirements
Email correspondence – full content of emails exchanged between you and our team
Quote requests and project briefs – detailed information about your project needs, budget, timeline, and objectives
Attachments – any files, documents, or materials you provide to help us understand your requirements

This information is essential for us to respond to your inquiries effectively and provide accurate quotes and proposals.

4.3. Client and Project Data

When you become our client and we work on your projects, we collect and process:

Project specifications – detailed information about your advertising campaigns, marketing strategies, and business objectives
Campaign data – performance metrics, analytics, conversion data, and results from advertising campaigns
Marketing materials – logos, brand guidelines, images, videos, copy, and other creative assets you provide
Access credentials – login information for advertising platforms, analytics tools, and other systems (stored securely and encrypted)
Communication history – records of meetings, calls, emails, and project discussions
Feedback and reviews – your opinions, satisfaction ratings, and testimonials
Payment information – billing details, payment method information (processed securely through third-party payment processors)
Contract documents – signed agreements, amendments, and related documentation

4.4. Financial and Billing Data

For invoicing and payment processing, we collect:

Billing information – company name, tax identification number (NIP), billing address
Bank account details – for processing refunds or payments (if applicable)
Payment transaction data – transaction IDs, payment dates, amounts
Invoice history – records of all invoices issued and payments received
Tax documentation – information required for tax compliance and reporting

This data is retained in accordance with tax and accounting regulations, typically for 5 years from the end of the fiscal year.

4.5. Technical and Analytical Data

When you visit our website or use our services, we automatically collect:

IP address – to identify your location, prevent fraud, and ensure security
Browser type and version – to optimize website compatibility
Operating system – to ensure proper functionality
Device information – device type (desktop, mobile, tablet), screen resolution
Referring URL – the website you came from before visiting our site
Pages visited – which pages you viewed and in what order
Time spent on pages – how long you stayed on each page
Click behavior – what buttons, links, and elements you interacted with
Search queries – terms you searched for on our website
Download history – files and resources you downloaded
Date and time of access – when you visited our website
Browser language settings – to personalize content
Cookies and tracking identifiers – see Section 9 for detailed information

This data helps us understand how visitors use our website, identify technical issues, and improve user experience.

4.6. Social Media Data

When you interact with us through social media platforms, we may collect:

Public profile information – username, profile picture, bio (as made available by the platform)
Interaction data – likes, comments, shares, messages sent to our business pages
Social media engagement – how you engage with our posts and advertisements
Publicly available information – any information you have made public on your social media profiles

We only access information that you have made public or that the platform allows us to access through their APIs.

4.7. Marketing and Communication Data

For marketing purposes, we may collect:

Newsletter subscriptions – email address and subscription preferences
Marketing consents – records of your consent to receive marketing communications
Campaign interactions – whether you opened emails, clicked links, or engaged with ads
Survey responses – feedback and opinions provided in surveys and questionnaires
Event participation – attendance at webinars, workshops, or events we organize
Download history – whitepapers, guides, case studies, or resources you downloaded

4.8. Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect information about your browsing behavior. For detailed information about cookies, please see Section 9 of this Privacy Policy.

5. How We Use Your Data

We use the personal data we collect for various purposes related to our business operations and service delivery. Below is a comprehensive explanation of how we use your data:

5.1. Service Delivery and Account Management

To provide our advertising and consulting services:

Execute advertising campaigns across multiple platforms (Google Ads, Meta Ads, LinkedIn, etc.)
Develop marketing strategies tailored to your business needs
Create and optimize advertising content, landing pages, and marketing materials
Monitor campaign performance and provide regular reports and analytics
Conduct market research and competitive analysis for your projects
Manage your account and maintain accurate records of our cooperation

To communicate with you about your projects:

Respond to inquiries, quote requests, and support tickets
Provide project updates, status reports, and performance metrics
Schedule and conduct meetings, calls, and consultations
Share documents, files, and deliverables related to your projects
Request feedback, approvals, and additional information when needed

To provide technical support:

Troubleshoot issues with our services or your campaigns
Assist with platform integrations and technical implementations
Provide guidance on best practices and optimization strategies
Resolve complaints and address concerns promptly

5.2. Administrative and Legal Purposes

To fulfill our legal and contractual obligations:

Process payments and issue invoices in compliance with tax regulations
Maintain accounting records and financial documentation
Comply with legal requirements, including tax laws and business regulations
Respond to legal requests from authorities and regulatory bodies
Archive documents as required by applicable laws (typically 5 years for financial records)

To manage business operations:

Maintain internal records and databases
Conduct business analysis and planning
Manage vendor relationships and partnerships
Ensure compliance with our internal policies and procedures

5.3. Marketing and Business Development

To promote our services (with your consent):

Send newsletters with industry insights, tips, and company updates
Inform you about new services, features, and special offers
Share case studies, success stories, and client testimonials
Invite you to webinars, events, and educational opportunities
Conduct email marketing campaigns and promotional activities

To personalize your experience:

Customize content and recommendations based on your interests and behavior
Tailor our communications to be more relevant to your needs
Segment our audience to provide more targeted and useful information

To conduct remarketing and retargeting:

Show relevant advertisements to people who have visited our website
Re-engage potential clients who have shown interest in our services
Optimize ad placement and targeting based on user behavior

All marketing communications include an easy opt-out option, and you can unsubscribe at any time.

5.4. Analytics, Research, and Improvement

To analyze and improve our services:

Track website traffic, user behavior, and conversion rates
Identify trends, patterns, and opportunities for improvement
Test new features, designs, and marketing approaches (A/B testing)
Measure the effectiveness of our advertising campaigns and strategies
Optimize website performance, loading times, and user experience
Understand customer preferences and needs better

To conduct business intelligence:

Create reports and statistics about our business performance
Analyze market trends and competitive landscape
Identify new business opportunities and growth areas
Develop data-driven strategies and recommendations

5.5. Security and Fraud Prevention

To protect our business and users:

Detect and prevent fraudulent activities, spam, and abuse
Identify security threats and vulnerabilities
Monitor for unauthorized access to accounts and systems
Investigate suspicious behavior or policy violations
Enforce our Terms of Service and other agreements
Protect against cyberattacks, malware, and other security risks

To ensure system integrity:

Maintain the security and stability of our IT infrastructure
Conduct security audits and vulnerability assessments
Implement and update security measures and protocols
Backup data to prevent loss and ensure business continuity

6. Data Sharing and Third-Party Recipients

We understand the importance of keeping your data secure and only share it when necessary to provide our services or comply with legal obligations. Below is a detailed list of third parties who may receive your personal data:

6.1. Service Providers and Business Partners

We work with trusted third-party service providers who assist us in delivering our services. These providers only have access to the personal data necessary to perform their specific functions and are contractually obligated to protect your data.

Hosting and Infrastructure Providers:

Our website and databases are hosted on secure servers operated by professional hosting companies
These providers ensure high availability, security, and GDPR compliance
Data may be stored on servers located in the European Union or other locations with adequate data protection

Advertising and Marketing Platforms:

Google Ads and Google Marketing Platform – for running search, display, video, and shopping campaigns
Meta Business Suite (Facebook & Instagram Ads) – for social media advertising and remarketing
LinkedIn Campaign Manager – for B2B advertising and professional targeting
Twitter/X Ads – for social media marketing campaigns
TikTok Ads – for short-form video advertising (if applicable)
Programmatic advertising platforms – for automated ad buying and placement

These platforms receive information necessary to deliver and optimize advertising campaigns, including targeting data, conversion tracking, and performance metrics.

Analytics and Tracking Tools:

Google Analytics – for website traffic analysis, user behavior tracking, and conversion measurement
Meta Pixel (Facebook Pixel) – for tracking conversions, building audiences, and measuring ad effectiveness
LinkedIn Insight Tag – for tracking website visitors and measuring campaign performance
Hotjar or similar tools – for heatmaps, session recordings, and user experience analysis
Google Tag Manager – for managing tracking codes and marketing tags

Customer Relationship Management (CRM) Systems:

We use CRM platforms to manage client relationships, track communications, and organize project data
Examples may include HubSpot, Salesforce, or similar systems
These systems help us provide better customer service and maintain accurate records

Email Marketing and Communication Services:

Email service providers (such as Mailchimp, SendGrid, or similar) – for sending newsletters and marketing emails
Transactional email services – for sending account notifications, invoices, and service-related messages
Business email hosting (such as Google Workspace, Microsoft 365, or similar) – for internal and external email communication

Payment Processing Services:

We use secure payment processors to handle transactions and billing
These providers may include PayPal, Stripe, or traditional payment gateways
Payment data is encrypted and processed in compliance with PCI DSS standards
We do not store complete credit card information on our servers

Accounting and Financial Services:

External accounting firms or software for bookkeeping and financial reporting
Tax advisors for compliance with tax regulations
Financial institutions for banking services

Project Management and Collaboration Tools:

Platforms like Asana, Trello, Monday.com, or similar for project organization
File sharing services like Google Drive, Dropbox, or WeTransfer for document exchange
Communication tools like Slack, Microsoft Teams, or Zoom for meetings and collaboration

Security and IT Services:

Cybersecurity providers for threat detection and prevention
Backup and disaster recovery services
IT support and infrastructure management providers

6.2. Social Media Platforms

We maintain a presence on various social media platforms and may share data with:

Facebook/Meta:

For managing business pages, running ads, and analyzing engagement
Meta receives data through pixels, API integrations, and direct interactions
See Meta’s Privacy Policy: https://www.facebook.com/privacy/policy/

Instagram:

Owned by Meta, follows the same privacy practices as Facebook
Used for visual content marketing and advertising

LinkedIn:

For B2B marketing, professional networking, and recruitment
See LinkedIn’s Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Twitter/X:

For real-time updates, customer engagement, and advertising
See X’s Privacy Policy: https://twitter.com/privacy

YouTube:

For video content hosting and video advertising
Owned by Google, follows Google’s privacy practices
See Google’s Privacy Policy: https://policies.google.com/privacy

TikTok (if applicable):

For short-form video content and advertising
See TikTok’s Privacy Policy: https://www.tiktok.com/legal/privacy-policy

We do not install cookies or connect you to these platforms until you explicitly interact with embedded content or click on social media links.

6.3. Legal and Regulatory Authorities

We may share your personal data with government agencies, law enforcement, courts, or regulatory bodies when:

Required by law – to comply with legal obligations, court orders, or regulatory requirements
Legal proceedings – in connection with litigation, arbitration, or dispute resolution
Tax authorities – for tax compliance and reporting (e.g., Polish tax office)
Law enforcement – to investigate or prevent illegal activities, fraud, or threats to public safety
Regulatory compliance – to meet obligations under GDPR, consumer protection laws, or industry regulations

We will notify you of such disclosures when legally permitted to do so.

6.4. Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal data may be transferred to the acquiring or successor entity. We will notify you of any such change and how it affects your personal data.

6.5. Data Protection Commitments

All third parties we work with are carefully selected and must:

Comply with GDPR and other applicable data protection laws
Implement appropriate security measures to protect your data
Process data only according to our instructions and for specified purposes
Maintain confidentiality and not use data for their own purposes
Sign data processing agreements that define their responsibilities

We regularly review our service providers to ensure they meet our data protection standards.

7. International Data Transfers

Some of our service providers and partners may be located outside the European Economic Area (EEA), which means your personal data may be transferred to and processed in countries that may not have the same level of data protection as the EEA.

7.1. Safeguards for International Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs):

We use European Commission-approved Standard Contractual Clauses with our service providers
These clauses provide legally binding guarantees for data protection

EU-U.S. Data Privacy Framework:

Some U.S.-based service providers are certified under the EU-U.S. Data Privacy Framework
This framework ensures adequate protection for data transferred to participating U.S. companies
You can verify certification at: https://www.dataprivacyframework.gov/

Adequacy Decisions:

We may transfer data to countries recognized by the European Commission as providing adequate protection
Current adequate countries include the UK, Switzerland, Canada, Japan, and others

Other Legal Mechanisms:

Binding Corporate Rules for multinational companies
Codes of conduct and certification mechanisms
Explicit consent for specific transfers (when applicable)

7.2. Your Rights Regarding International Transfers

You have the right to:

Request information about where your data is processed
Obtain copies of the safeguards in place for international transfers
Object to transfers to countries without adequate protection

If you have concerns about international data transfers, please contact us.

8. Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Below are the specific retention periods for different types of data:

8.1. Client and Account Data

Active clients:

Data is retained throughout the duration of our business relationship
After the relationship ends, we retain data for 3 years for:
- Potential future collaboration
- Answering questions about past projects
- Resolving disputes or claims

Inactive accounts:

If you haven’t used our services for 5 years, we may contact you to ask if you want to keep your account
If we don’t receive a response, the account and associated data may be deleted

8.2. Financial and Tax Records

Invoices and payment records:

Retained for 5 years from the end of the fiscal year in which they were created
Required by Polish tax law and accounting regulations
Includes: invoices, receipts, payment confirmations, bank statements

Contracts and agreements:

Retained for the duration of the contract plus 5 years after termination
Required for potential legal claims (statute of limitations)

8.3. Marketing Data

Newsletter subscribers:

Retained until you unsubscribe or withdraw consent
If there’s no engagement for 5 years, we may remove your email from our list
You can unsubscribe at any time using the link in our emails

Marketing consents and preferences:

Retained as long as the consent is valid
Records of withdrawn consents are kept for 3 years to prove compliance

Campaign performance data:

Aggregated and anonymized data may be retained indefinitely for analysis
Personal data linked to campaigns is deleted after 2 years of campaign completion

8.4. Website Analytics and Cookies

Google Analytics data:

User-level and event-level data is automatically deleted after 14-26 months (depending on settings)
Aggregated reports may be retained indefinitely

Cookie data:

Session cookies expire when you close your browser
Persistent cookies typically expire after 6-24 months
You can delete cookies from your browser at any time

Server logs:

IP addresses and access logs are retained for 90 days for security purposes
After this period, they are automatically deleted

8.5. Communications and Correspondence

Email correspondence:

General inquiries: retained for 2 years
Project-related emails: retained for 3 years after project completion
Legal or contractual emails: retained for 5 years

Support tickets:

Retained for 2 years after resolution
May be anonymized after this period for training and quality improvement

Meeting recordings and notes:

Retained for the duration of the project plus 1 year
Deleted afterwards unless needed for legal or contractual purposes

8.6. Legal and Compliance Data

Data related to legal claims:

Retained until the claim is resolved and any appeal periods have expired
Typically 5-10 years depending on the nature of the claim

Compliance records:

Consent records: retained for 3 years after consent is withdrawn
Data protection impact assessments: retained for 3 years after completion
Breach notifications: retained for 5 years

8.7. Deletion and Anonymization

After the retention period expires:

Personal data is permanently deleted from our active systems
Backups containing old data are eventually overwritten (typically within 90 days)
Some data may be anonymized (removing all identifying information) and retained for statistical purposes

You can request early deletion of your data at any time (subject to legal requirements).

9. Cookies and Tracking Technologies

9.1. What Are Cookies?

Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit a website. They help websites remember information about your visit, making it easier to use the site and providing a more personalized experience.

Cookies typically contain:

A unique identifier
The website domain
Expiration date
Encrypted data about your preferences or session

9.2. Why We Use Cookies

We use cookies to:

Remember your preferences – language settings, login status, display preferences
Improve website functionality – ensure features work correctly across pages
Analyze website performance – understand how visitors use our site and identify areas for improvement
Deliver relevant advertising – show ads that match your interests and measure their effectiveness
Enhance security – detect fraud and protect against unauthorized access
Provide social media features – enable sharing and interaction with social platforms

9.3. Types of Cookies We Use

We use different categories of cookies for various purposes:

9.3.1. Strictly Necessary Cookies

These cookies are essential for the website to function properly. Without them, certain services cannot be provided. You cannot opt out of these cookies.

Examples:

Session cookies (PHPSESSID) – maintain your session as you navigate the site
Security cookies – authenticate users and prevent fraudulent use of login credentials
Load balancing cookies – distribute traffic across servers for optimal performance
Cookie consent cookies – remember your cookie preferences

CloudFlare cookies:

__cfduid – identifies individual clients behind a shared IP address and applies security settings
Used by our CDN (Content Delivery Network) to protect against malicious attacks
See CloudFlare’s Privacy Policy: https://www.cloudflare.com/privacypolicy/

WordPress authentication cookies (for logged-in users):

wordpress_[hash], wordpress_logged_in_[hash] – authenticate logged-in users
wp-settings-[UID] – customize your view of the admin interface
wordpress_test_cookie – checks if cookies are enabled in your browser

These cookies do not track your browsing activity on other websites.

9.3.2. Performance and Analytical Cookies

These cookies collect information about how you use our website, helping us improve its performance and user experience. The information collected is aggregated and anonymous.

Google Analytics:

_ga, _gid, _gat – distinguish users and throttle request rates
Tracks: page views, bounce rate, time on site, traffic sources, user demographics
Data retention: 14-26 months
Privacy Policy: https://policies.google.com/privacy
Opt-out option: https://tools.google.com/dlpage/gaoptout

We have configured Google Analytics to:

Anonymize IP addresses
Disable data sharing with Google for advertising purposes
Respect Do Not Track signals (where possible)

Hotjar (if applicable):

_hjid, _hjIncludedInPageviewSample – track user behavior for heatmaps and session recordings
Helps us understand how users interact with our site
Privacy Policy: https://www.hotjar.com/legal/policies/privacy/

9.3.3. Functionality Cookies

These cookies enable enhanced functionality and personalization, such as remembering your preferences and choices.

Examples:

Language preferences – remember your selected language
Display settings – save your choice of layout, font size, or dark mode
Video player settings – remember volume and quality preferences
Form autofill – remember information you’ve entered in forms (non-sensitive data only)

These cookies are typically set in response to actions you take and don’t track you across other websites.

9.3.4. Targeting and Advertising Cookies

These cookies are used to deliver advertisements more relevant to you and your interests. They also help measure the effectiveness of advertising campaigns.

Google Ads and DoubleClick:

IDE, DSID, FLC, AID – serve targeted ads based on your browsing behavior
Enable remarketing to show ads to people who visited our website
Track conversions to measure campaign effectiveness
Privacy Policy: https://policies.google.com/privacy
Opt-out option: https://adssettings.google.com/

Meta Pixel (Facebook and Instagram):

_fbp, fr – deliver and measure effectiveness of ads on Facebook and Instagram
Build custom audiences for remarketing
Track conversions and user actions on our website
Privacy Policy: https://www.facebook.com/privacy/policy/

LinkedIn Insight Tag:

li_sugr, UserMatchHistory, bcookie – track conversions and enable B2B remarketing
Build audiences based on professional demographics
Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Other advertising platforms:

We may use cookies from other platforms like Twitter, TikTok, or programmatic ad networks
Each platform has its own privacy policy and opt-out options

9.4. Third-Party Cookies

Some cookies are placed by third-party services that appear on our pages:

Social media platforms:

When we embed content from YouTube, Facebook, Twitter, or LinkedIn
These platforms may set cookies even if you don’t interact with the content
We use privacy-enhanced modes where available (e.g., youtube-nocookie.com)

Third-party tools and widgets:

Chat widgets, calendars, maps, or other embedded tools
Each has its own privacy policy

9.5. How Long Do Cookies Last?

Session cookies:

Temporary cookies deleted when you close your browser
Used for essential functions like shopping carts or login sessions

Persistent cookies:

Remain on your device for a set period or until manually deleted
Typical lifespan: 30 days to 2 years
Used for remembering preferences and tracking over multiple visits

9.6. Managing and Controlling Cookies

You have several options to control and manage cookies:

Browser Settings

You can control cookies through your browser settings:

Google Chrome: Settings → Privacy and security → Cookies and other site data

Mozilla Firefox: Options → Privacy & Security → Cookies and Site Data

Safari: Preferences → Privacy → Manage Website Data

Microsoft Edge: Settings → Privacy, search, and services → Cookies and site permissions

You can:

Block all cookies (may break website functionality)
Block third-party cookies only
Delete cookies after each session
View and delete individual cookies

Cookie Consent Manager

When you first visit our website, you’ll see a cookie consent banner allowing you to:

Accept all cookies
Reject non-essential cookies
Customize your preferences by category

You can change your preferences at any time by clicking the cookie settings link in the website footer.

Opt-Out Tools

Google Ads:

Visit: https://adssettings.google.com/
Turn off “Ads Personalization”

Facebook:

Visit: https://www.facebook.com/settings?tab=ads
Manage ad preferences

Network Advertising Initiative (NAI):

Visit: https://optout.networkadvertising.org/
Opt out of multiple ad networks at once

European Interactive Digital Advertising Alliance (EDAA):

Visit: https://www.youronlinechoices.eu/
Control targeted advertising in Europe

Google Analytics Opt-Out:

Install browser add-on: https://tools.google.com/dlpage/gaoptout

9.7. Do Not Track Signals

Some browsers offer “Do Not Track” (DNT) signals. While we respect your privacy preferences, there is no industry standard for responding to DNT signals. We are working toward implementing DNT support where technically feasible.

9.8. Mobile App Tracking (if applicable)

If we offer a mobile app in the future, we will use mobile identifiers (Advertising ID on Android, IDFA on iOS) for analytics and advertising purposes. You can reset or limit tracking through your device settings.

9.9. Impact of Disabling Cookies

If you disable cookies, some features may not work properly:

You may need to log in repeatedly
Preferences won’t be saved
Some pages may not display correctly
Personalized content will not be available

However, disabling cookies will not prevent you from accessing most of our content.

10. Your Rights Under GDPR

As a data subject under the General Data Protection Regulation (GDPR), you have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights.

10.1. Right of Access (Art. 15 GDPR)

You have the right to obtain:

Confirmation of whether we are processing your personal data
Access to your personal data
Information about how we use your data, including:
- Purposes of processing
- Categories of data concerned
- Recipients or categories of recipients
- Retention periods
- Your other rights
- Source of the data (if not collected directly from you)

You can request a copy of your personal data free of charge. If you request additional copies, we may charge a reasonable administrative fee.

10.2. Right to Rectification (Art. 16 GDPR)

You have the right to:

Correct inaccurate personal data
Complete incomplete personal data
Update outdated information

We will correct or update your data promptly and notify third parties to whom we have disclosed the data (where applicable).

10.3. Right to Erasure / “Right to Be Forgotten” (Art. 17 GDPR)

You can request deletion of your personal data when:

The data is no longer necessary for the purposes it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
Deletion is required by legal obligation
The data was collected in relation to information society services (online services for children)

Exceptions: We may refuse deletion if the data is necessary for:

Compliance with legal obligations (e.g., tax records for 5 years)
Establishment, exercise, or defense of legal claims
Performance of a contract
Fulfilling obligations under public law

If we cannot delete all data, we will explain why and what data must be retained.

10.4. Right to Restriction of Processing (Art. 18 GDPR)

You can request that we limit how we use your data when:

You contest the accuracy of the data (while we verify it)
Processing is unlawful but you don’t want the data deleted

10.5. Right to Data Portability (Art. 20 GDPR)

You have the right to:

Receive your personal data in a structured, commonly used, and machine-readable format (e.g., CSV, JSON, XML) Transmit this data to another controller without hindrance from us Request that we transmit the data directly to another controller (where technically feasible) This right applies when:

Processing is based on consent or contract Processing is carried out by automated means Examples of portable data:

Your account information and profile data Contact history and communication records Project data and campaign information Marketing preferences and consent records We will provide the data within 30 days of your request, free of charge.

10.6. Right to Object (Art. 21 GDPR)

You have the right to object to processing of your personal data at any time when:

Processing is based on legitimate interest or public interest Data is used for direct marketing purposes (including profiling) Data is used for scientific, historical research, or statistical purposes Direct marketing objection:

You can object to marketing at any time, and we will stop immediately Use the “unsubscribe” link in emails or contact us directly We will not ask for justification for this objection Legitimate interest objection:

You must provide reasons related to your particular situation We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms Or if processing is necessary for legal claims 10.7. Right Not to Be Subject to Automated Decision-Making (Art. 22 GDPR)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

When we use automated decision-making:

We will inform you explicitly Provide meaningful information about the logic involved Explain the significance and envisaged consequences Offer the right to human intervention, express your point of view, and contest the decision Currently, Runner Media does not use fully automated decision-making that produces legal effects. However, we use profiling for marketing personalization (which you can opt out of).

10.8. Right to Withdraw Consent

When processing is based on consent:

You can withdraw consent at any time Withdrawal is as easy as giving consent (one-click unsubscribe, account settings, or contact us) Withdrawal does not affect the lawfulness of processing before withdrawal We may not be able to provide certain services after consent withdrawal How to withdraw consent:

Marketing emails: Click “unsubscribe” in any email Cookie consent: Adjust settings in cookie banner or browser Account deletion: Request through account settings or contact us Specific consents: Contact us at contact@runnermedia.pl 10.9. How to Exercise Your Rights

To exercise any of the rights described above:

Contact us via email: contact@runnermedia.pl Send a written request to: Runner Media, ul. Szczepanowskiego 1, 60-541 Poznań, Poland Use the data subject request form on our website (if available) Information we may need:

Your name and contact information Description of your request and which right you want to exercise Proof of identity (to prevent unauthorized access) Specific details about the data concerned (if applicable) Our response timeline:

We will acknowledge your request within 72 hours We will respond within 30 days (may be extended by 2 months for complex requests) If we extend the deadline, we will inform you within 30 days and explain the reason We will inform you if we refuse your request and explain why All responses are free of charge, unless requests are manifestly unfounded or excessive

10.10. Complaints and Disputes

If you’re not satisfied with how we handle your request or believe we’re not complying with GDPR:

Contact us first: We want to resolve issues directly Lodge a complaint with the supervisory authority: Urząd Ochrony Danych Osobowych (UODO) ul. Stawki 2, 00-193 Warsaw, Poland Phone: +48 22 531 03 00 Email: kancelaria@uodo.gov.pl Website: https://uodo.gov.pl Seek judicial remedy: You have the right to an effective judicial remedy against our decisions or the supervisory authority

11. Data Security Measures

At Runner Media, we take the security of your personal data extremely seriously. We implement comprehensive technical and organizational measures to protect your data against unauthorized access, accidental loss, destruction, or damage.

11.1. Technical Security Measures

Encryption:

Transport Layer Security (TLS/SSL): All data transmitted between your browser and our servers is encrypted using industry-standard TLS 1.2 or higher Database encryption: Sensitive data at rest is encrypted using AES-256 encryption Password encryption: Passwords are hashed using bcrypt or Argon2 algorithms with strong salt End-to-end encryption: For highly sensitive communications when necessary Access Controls:

Multi-factor authentication (MFA): Required for all administrative access to systems Role-based access control (RBAC): Staff can only access data necessary for their job functions Principle of least privilege: Users are granted minimum necessary permissions Regular access reviews: Quarterly audits of who has access to what Automatic session timeouts: Inactive sessions are terminated automatically Strong password policies: Minimum length, complexity requirements, regular changes Network Security:

Firewalls: Advanced firewall protection on all servers and network boundaries Intrusion detection systems (IDS): Monitoring for suspicious network activity DDoS protection: CloudFlare and other services protect against distributed denial-of-service attacks Virtual Private Networks (VPNs): Required for remote access to internal systems Network segmentation: Separation of production, development, and administrative networks Application Security:

Regular security updates: Operating systems, applications, and plugins kept up-to-date Vulnerability scanning: Automated scanning for known vulnerabilities Penetration testing: Annual third-party security assessments Secure coding practices: Following OWASP Top 10 guidelines Input validation: Protection against SQL injection, XSS, and other attacks Content Security Policy (CSP): Browser-level security to prevent malicious content Data Backup and Recovery:

Automated backups: Daily backups of all critical data Offsite backup storage: Backups stored in geographically separate locations Backup encryption: All backups are encrypted Regular restore testing: Quarterly testing to ensure backups can be restored Disaster recovery plan: Documented procedures for various scenarios Recovery Time Objective (RTO): Target of 24 hours for critical systems Recovery Point Objective (RPO): Maximum 24 hours of data loss

11.2. Organizational Security Measures

Staff Training and Awareness:

Data protection training: All employees complete GDPR training upon hiring and annually Security awareness program: Regular updates on latest threats and best practices Phishing simulations: Testing staff awareness of social engineering attacks Confidentiality agreements: All staff sign NDAs and confidentiality clauses Clear desk and screen policies: Physical security of information in offices Access Management:

Background checks: Vetting of employees with access to personal data Segregation of duties: Critical operations require multiple people Onboarding/offboarding procedures: Systematic granting and revocation of access Guest access controls: Strict limitations on visitor access to facilities and systems Policies and Procedures:

Data Protection Policy: Comprehensive internal policy covering all aspects of data handling Incident Response Plan: Documented procedures for responding to data breaches Data Retention Policy: Clear guidelines on how long to keep different types of data Acceptable Use Policy: Rules for using company systems and handling data Business Continuity Plan: Ensuring operations can continue during disruptions Vendor Management:

Due diligence: Security assessment of all third-party service providers Data Processing Agreements: Contractual obligations for data protection Regular audits: Periodic review of vendor security practices Vendor access logs: Tracking what vendors access and when Physical Security:

Secure facilities: Offices with access control systems (key cards, biometric readers) Surveillance: CCTV monitoring of sensitive areas Visitor management: Sign-in procedures and escort requirements for visitors Secure disposal: Shredding of physical documents, secure wiping of electronic media

11.3. Monitoring and Incident Response

Security Monitoring:

24/7 monitoring: Continuous monitoring of systems for security events Log management: Centralized logging of all system activities Anomaly detection: Automated alerts for unusual behavior Regular security audits: Internal and external reviews of security controls Data Breach Response:

Incident Response Team: Designated team responsible for handling breaches Detection and assessment: Immediate investigation of potential breaches Containment: Quick action to stop further unauthorized access Notification procedures: Supervisory authority notification within 72 hours (if high risk) Affected individuals notified without undue delay Documentation of breach, response actions, and lessons learned Remediation: Fixing vulnerabilities and preventing recurrence Post-incident review: Analysis to improve security measures

11.4. Third-Party Security

All third-party service providers must meet our security standards:

SOC 2 Type II compliance: For critical service providers ISO 27001 certification: Preferred for data processors Regular security questionnaires: Annual assessment of vendor security posture Right to audit: Contractual rights to audit vendor security practices Data Processing Agreements: GDPR-compliant contracts with all processors

11.5. Your Role in Security

While we implement robust security measures, you also play a crucial role:

Use strong passwords: Unique, complex passwords for your account Enable MFA: If we offer multi-factor authentication, please use it Keep credentials confidential: Never share your password with anyone Be aware of phishing: Don’t click suspicious links in emails claiming to be from us Use secure networks: Avoid accessing your account on public Wi-Fi without VPN Report suspicious activity: Contact us immediately if you notice anything unusual Keep your software updated: Use up-to-date browsers and security software

11.6. Security Incident Reporting

If you believe there has been a security incident involving your data:

Contact us immediately: contact@runnermedia.pl or +48519520829 Do not delay: Quick reporting helps us respond faster Provide details: Any information that might help us investigate Preserve evidence: Don’t delete emails or other evidence of the incident We take all reports seriously and will:

Acknowledge your report within 24 hours Investigate thoroughly Keep you informed of our findings Take appropriate action to protect your data

12. Children’s Privacy

12.1. Age Requirements

Runner Media’s services are intended for businesses and professional use. We do not knowingly collect personal data from children under the age of 16 (or the applicable age of digital consent in your country).

Our website and services are designed for:

Business owners and professionals Marketing managers and executives Adults making commercial decisions

12.2. Parental Consent

If we discover that we have collected personal data from a child without proper parental consent:

We will delete the information immediately We will notify the parents/guardians if possible We will document the incident and review our procedures

12.3. What Parents Should Know

If you are a parent or guardian and believe your child has provided us with personal information:

Contact us immediately: contact@runnermedia.pl Provide proof of guardianship and identity We will verify the situation and take appropriate action

12.4. Educational Content

While our marketing content (blog posts, guides, resources) may be publicly accessible, we:

Do not target children with marketing Do not collect data through educational content Encourage parental supervision of internet use

13. Links to Third-Party Websites

13.1. External Links

Our website may contain links to external websites, including:

Client websites and case studies Industry resources and news sources Partner and vendor websites Social media platforms Tool providers and software platforms Educational content and research papers

13.2. No Responsibility for Third Parties

Important: We are not responsible for:

The privacy practices of third-party websites The content or accuracy of external sites The security measures of linked websites How third parties collect, use, or share your data Changes to third-party privacy policies

13.3. Third-Party Privacy Policies

When you click a link and leave our website:

You are subject to the privacy policy of the destination website We encourage you to read their privacy policy before providing any information Different privacy laws may apply depending on the website’s location Data protection standards may differ from ours

13.4. Social Media Links and Sharing

Social media sharing features on our site:

Social media icons: Do not connect you to platforms until you click them Share buttons: May load third-party scripts when clicked Privacy-enhanced embeds: We use privacy-friendly embed methods where available (e.g., youtube-nocookie.com) No automatic connections: We don’t automatically send data to social platforms unless you interact with their features

13.5. Embedded Content

When we embed content from third-party platforms:

YouTube videos: May load cookies when you play the video Social media feeds: May track your interaction if you engage with content Maps: Google Maps may collect location data Third-party widgets: Calendar booking, chat tools, etc., may have their own privacy policies You should review the privacy policy of these embedded services:

YouTube: https://policies.google.com/privacy Facebook: https://www.facebook.com/privacy/policy/ LinkedIn: https://www.linkedin.com/legal/privacy-policy Twitter/X: https://twitter.com/privacy Google Maps: https://policies.google.com/privacy

13.6. Verification of Links

While we try to ensure external links are safe and reputable:

We cannot control third-party content Links may change or become outdated We are not responsible if a previously safe site becomes compromised Report suspicious links to us immediately

13.7. Recommendation

Before providing personal information to any website:

Verify you’re on the intended website (check URL) Look for HTTPS security (lock icon in browser) Read their privacy policy Understand what data they collect and why Check if they are legitimate and trustworthy Be cautious with sensitive information

14. International Users and Data Transfers

14.1. European Economic Area (EEA)

Runner Media operates primarily within the European Economic Area and complies with GDPR. If you are located in the EEA:

Your data is protected by GDPR You have all the rights described in Section 10 We use EEA-based service providers where possible Any international transfers have appropriate safeguards

14.2. Data Transfers Outside EEA

Some service providers may process data outside the EEA:

United States: For cloud services, analytics, and advertising platforms Other countries: Depending on specific tools and services used We ensure adequate protection through:

EU-U.S. Data Privacy Framework: For certified U.S. companies Standard Contractual Clauses (SCCs): European Commission-approved contracts Adequacy decisions: Countries recognized by EU as having adequate protection Binding Corporate Rules: For multinational corporations

14.3. Specific Countries and Safeguards

United Kingdom:

Recognized as adequate by European Commission GDPR-equivalent UK GDPR applies Data can flow freely between EU and UK Switzerland:

Adequate protection under EU law Swiss Federal Act on Data Protection applies Canada:

Adequate for commercial organizations under PIPEDA Additional safeguards may apply Other countries:

We assess data protection laws before transferring data Implement additional safeguards when necessary Document all international transfers

14.4. Your Rights Regarding International Transfers

You have the right to:

Know where your data is processed Receive information about safeguards in place Object to transfers to specific countries Request copies of Standard Contractual Clauses Contact us for details: contact@runnermedia.pl

14.5. Brexit and UK Data Transfers

Following Brexit:

UK recognized as adequate for data transfers We continue to serve UK clients under UK GDPR Data flows between EU and UK continue normally We monitor any regulatory changes

15. Changes to This Privacy Policy

15.1. Right to Update

We reserve the right to update, modify, or replace any part of this Privacy Policy. Changes may be necessary due to:

Changes in our business practices or services New legal or regulatory requirements Technological developments and new tools Security enhancements Feedback from users and authorities Best practices in data protection Mergers, acquisitions, or business restructuring

15.2. Material vs. Non-Material Changes

Material changes (significant impact on your rights):

Adding new purposes for data processing Collecting new categories of sensitive data Sharing data with new types of third parties Changing data retention periods significantly Transferring data to new countries Changing legal basis for processing We will provide prominent notice and may require new consent

Non-material changes (minor updates):

Clarifying existing practices Fixing typos or improving readability Updating contact information Adding examples or explanations Reorganizing content for clarity We will update the “Last Updated” date

15.3. How We Notify You

When we make significant changes, we will notify you through:

Email notification:

Sent to registered users at least 30 days before changes take effect Clear subject line: “Important: Privacy Policy Update” Summary of key changes in the email Link to full updated policy Website banner:

Prominent notice on homepage Visible for at least 30 days Pop-up or modal notification:

Appears when you next visit after update Requires acknowledgment to continue using services Highlights major changes Social media announcements:

Posts on our official social media accounts Summary of changes and link to full policy Account dashboard:

Notification in your account upon login Option to review changes before continuing

15.4. Effective Date of Changes

Changes become effective:

30 days after notification (for material changes) Immediately upon publication (for non-material changes) Upon your acceptance (if consent is required) The “Last Updated” date at the top indicates the latest revision

15.5. Your Options After Changes

If you don’t agree with updated terms:

Contact us: Discuss your concerns Withdraw consent: For processing based on consent Object to changes: Exercise your GDPR rights Close your account: Request data deletion (subject to retention requirements) Continued use: Using services after effective date constitutes acceptance

15.6. Record of Changes

We maintain internal records of:

All previous versions of the Privacy Policy Dates of changes Reasons for changes User notifications sent This helps us demonstrate compliance with GDPR requirements.

15.7. Regular Review

We review this Privacy Policy:

At least annually When introducing new services or features After significant regulatory changes Following data protection impact assessments When recommended by legal or privacy advisors

16. Contact Information and Data Protection

16.1. General Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data:

Runner Media ul. Szczepanowskiego 1 60-541 Poznań, Poland

General Inquiries:

Email: contact@runnermedia.pl Phone: +48519520829 Website: [Your website URL] Business Hours: Monday-Friday, 9:00-17:00 CET

16.2. Data Protection Contact

For specific data protection and privacy matters:

Data Protection Email: contact@runnermedia.pl Subject Line: “Data Protection Request” or “Privacy Inquiry” Mailing Address: Runner Media – Data Protection Department ul. Szczepanowskiego 1, 60-541 Poznań, Poland We respond to privacy inquiries within:

72 hours: Initial acknowledgment 30 days: Complete response (may extend to 90 days for complex requests)

16.3. Exercising Your Rights

To exercise GDPR rights (access, rectification, erasure, etc.):

Email: contact@runnermedia.pl with subject “GDPR Request” Include: Your name, contact information, specific request, proof of identity Online form: [Link to data subject request form if available] Mail: Written request to our address above We will:

Verify your identity to prevent unauthorized access Process your request within required timeframes Provide clear explanations if we cannot fulfill your request Keep records of all requests and responses

16.4. Security Incident Reporting

If you believe your data has been compromised:

Immediate Contact:

Email: contact@runnermedia.pl (mark as URGENT) Phone: +48519520829 Available 24/7 for security emergencies Provide:

Description of the incident When you noticed it What data may be affected Any evidence or suspicious communications We will:

Respond immediately to security reports Investigate thoroughly Take action to protect your data Keep you informed throughout the process Notify authorities if required

16.5. Complaints and Disputes

If you’re not satisfied with our response:

Internal escalation: Request to speak with management Supervisory authority: Lodge complaint with UODO (details in Section 10.10) Legal remedies: Seek judicial remedy if necessary

16.6. Feedback and Suggestions

We welcome feedback about our privacy practices:

Email: contact@runnermedia.pl Subject: “Privacy Policy Feedback” We review all feedback and use it to improve our practices

16.7. Language and Accessibility

This Privacy Policy is available in:

English (primary version) Polish (for local compliance) If there are discrepancies between versions, the English version prevails

For accessibility:

Screen reader compatible Plain language where possible Available in downloadable PDF format Large print version available upon request

16.8. Supervisory Authority

Polish Data Protection Authority:

Urząd Ochrony Danych Osobowych (UODO) ul. Stawki 2 00-193 Warsaw, Poland Phone: +48 22 531 03 00 Email: kancelaria@uodo.gov.pl Website: https://uodo.gov.pl

You have the right to lodge a complaint with UODO if you believe we’re not complying with data protection laws.

17. Additional Information

17.1. Professional Services

Our services include:

Digital Advertising: Google Ads, Meta Ads, LinkedIn Ads, programmatic advertising Social Media Marketing: Strategy, content creation, community management Search Engine Optimization (SEO): Technical SEO, content optimization, link building Content Marketing: Blog posts, whitepapers, case studies, video content Email Marketing: Campaign design, automation, list management Brand Strategy: Brand development, positioning, messaging Marketing Consulting: Strategy development, market research, analytics Web Analytics: Setup, tracking, reporting, optimization All services involve processing personal data as described in this policy.

17.2. Industry Compliance

In addition to GDPR, we comply with:

Polish Data Protection Laws ePrivacy Directive (Cookie Law) Polish Electronic Communications Law Advertising industry standards and codes of conduct Platform-specific policies (Google, Meta, LinkedIn, etc.)

17.3. Certifications and Standards

We strive to maintain:

GDPR compliance ISO 27001 awareness (working toward certification) Industry best practices for data security Regular security audits and assessments

17.4. Transparency Report

We are committed to transparency about:

Government data requests (if any) Data breaches and security incidents Compliance audits and findings Changes to our data practices Upon request, we can provide information about:

Number of data subject requests received and processed Types of data breaches (if any) Improvements to our data protection measures

18. Glossary of Terms

To help you understand this Privacy Policy better:

Personal Data: Any information relating to an identified or identifiable natural person

Data Controller: The entity that determines the purposes and means of processing personal data (Runner Media)

Data Processor: An entity that processes personal data on behalf of the controller (our service providers)

Data Subject: The individual whose personal data is being processed (you)

Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion, etc.)

Consent: Freely given, specific, informed, and unambiguous indication of agreement

GDPR: General Data Protection Regulation – EU data protection law

EEA: European Economic Area (EU countries plus Iceland, Liechtenstein, Norway)

Cookies: Small text files stored on your device by websites

IP Address: Internet Protocol address – unique numerical identifier for your device on a network

Encryption: Converting data into coded format to prevent unauthorized access

Anonymization: Permanently removing all identifying information from data

Pseudonymization: Replacing identifying information with artificial identifiers

DPO: Data Protection Officer – person responsible for data protection compliance

Supervisory Authority: Government body responsible for enforcing data protection laws (UODO in Poland)

Legitimate Interest: Legal basis for processing when it’s necessary for legitimate purposes (balanced against your rights)

Data Breach: Unauthorized access, loss, or disclosure of personal data

19. Acceptance and Agreement

19.1. Acknowledgment

By using our website, services, or providing us with your personal information, you acknowledge that:

You have read this entire Privacy Policy You understand how we collect, use, and protect your data You understand your rights under GDPR You agree to the terms and practices described herein You are legally capable of entering into binding agreements

19.2. Consent

Where required by law, we obtain your explicit consent for:

Marketing communications Non-essential cookies Specific data processing activities Sharing data with certain third parties You can withdraw consent at any time.

19.3. Continued Use

Continued use of our services after Privacy Policy updates constitutes acceptance of the revised terms, unless we specifically require new consent.

19.4. Questions or Concerns

If you have any questions about this Privacy Policy or our data practices:

Read the policy carefully first Check our FAQ section (if available) Contact us: contact@runnermedia.pl We’re here to help and committed to protecting your privacy.